Archive for March, 2006

After a couple of weeks of head-scratching, I managed to get the rewritten USB-wireless ZD1211 driver transmitting data.

The code has been written for a while, and although it seems to work (the device doesn’t indicate any form of failure), the frames simply weren’t “hitting the air”.

The problem originates from the huge number of undocumented physical registers in the vendor driver. Rather than list all 200 of them in our driver source in the ugly manner which ZyDAS do so, we devised a quick one-line macro to perform the same task:

#define CR(reg) CTL_REG((reg)*4)

However, it appears that ZyDAS have some trouble counting. A snippet from the vendor driver:

A bit later than anticipated, I have created initial releases for the dpfp project, a driver for DigitalPersona and Microsoft USB fingerprint readers.

My last attempt at the driver/library thing failed – I learned more about the device, and decided I should take a few steps back and work with a different design.

So far, the rewrite is working out, so I’m releasing an early version for people to try. The driver provides a simple character device interface, and the library provides a nice API to that interface. libdpfp includes an example program which you can use to scan your fingerprint to a PGM file.

This isn’t for general usage yet. There are basic instructions in the README file in the dpfp-driver distribution.

If you have questions, please don’t ask them in comments on my weblog, use the mailing list instead. Enjoy!

Mikko gave his Black Hat Europe presentation about the security issues with Microsoft/DigitalPersona’s fingerprint readers recently, which seems to have been a success.

It has gained media attention, with a few reports floating around in addition to the one I linked to recently. itnews.com.au has one of the better ones, including comments from Digital Persona. At least Mikko found one way to get through to them :)

Mikko’s slides are online here and it looks like audio will be published soon on this page. Mikko explains the lack of encryption and references the dpfp project in a few places for some of the discoveries. He also explains some of the device optics and demonstrates how the lack of encryption can be exploited to allow finger replay attacks.

After the end of this academic year, I am taking a “year in industry” before returning for a final 2 years of study at The University of Manchester.

For the industrial year, I’ve been fortunate enough to find a position with a company building a product based on open-source. The product is not yet released and everything is being kept quiet, so I’ll have to spare the details for now. The company also contributes back to the community, which makes things even better.

The company is based in Boston, MA, and I’ll be moving out there for the duration. I can’t explain how excited I am about the whole thing. The company is nice and small and has a great working atmosphere, and the product will hit the market soon after I start in September.

Hopefully we’ll have published some marketing material at some point, so that people can gape in awe at the amazing technology :)

Kiviharju wonders why Microsoft didn’t implement any Encryption. Quote: “Some experts who contacted me were as astonished as I was. It would have been a good product, but in the end, Microsoft screwed it.”